AMENDMENT UNDER 37 C.F.R. §1.111 
U.S. APPLICATION NO. 09/891,545 
ATTORNEY DOCKET NO. Q64735 

AMENDMENTS TO THE CLAIMS 

This listing of claims will replace all prior versions and listings of claims in the 
application: 

LISTING OF CLAIMS: 

1. {Previously Presented) A method for enabling a user registered in an Network Access 
Server as already connected to a host Virtual Private Network to communicate with at least one 
communication device outside of said host Virtual Private Network, said Network Access Server 
having access over a data communication network to said communication device and to a 
plurality of Virtual Private Networks including said host Virtual Private Network, wherein said 
method comprises sending messages belonging to a communication between said user and said 
communication device over a logical channel between said Network Access Server and said 
communication device, said logical channel referring to an identifier of said host Virtual Private 
Network to which said user is currently connected. 

^ 

2. {Currently Amended) The method according to claim 1, wherein said method further 
comprises: 

detecting at said Network Access Server a message fi-om said user destined to said 
communication device; and 

forwarding said message from said Network Access Server to said communication device 
over the logical channel referring to the identifier of said host Virtual Private Network. 
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3. (Currently Amended) The method according to claim 1, wherein said method further 
comprises: 

detecting a message from said communication device being received at said Network 
Access Server on the logical channel referring to the identifier of said host a -Virtual Private 
Network, said message containing a user destination address; 

determining a user registered in said Network Access Server as already connected to said 
host Virtual Private Network and corresponding to said destination address; and 

forwarding said message from said Network Access Server to said user. 

4. (Previously Presented) The method according to claim 1, wherein said messages 
belonging to the communication between said user and said communication device are 
encapsulated in data packets, said data packets comprising a field containing said identifier of 
said host Virtual Private Network or an indication derived from said identifier. 

5. (Previously Presented) The method according to claim 4, wherein said messages 
belonging to the communication between said user and said conmiunication device are sent over 
a turmel having said identifier of said host Virtual Private Network as txmnel identifier. 

6. (Previously Presented) The method according to claim 1, wherein said messages 
contain IP packets comprising an IP address of said user. 
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7. {Previously Presented) The method according to claim 1, wherein said communication 
device is a server belonging to a local Virtual Private Network associated to said Network 
Access Server and different from said host Virtual Private Network. 

8. {Previously Presented) A Network Access Server for enabling a communication 
between a user and a communication device, said user being registered in said Network Access 
Server as already connected to a host Virtual Private Network, said conamimication device being 
outside of said host Virtual Private Network, said Network Access Server being able to access to 
a database associating an identifier of said user to an identifier of said host Virtual Private 
Network, said Network Access Server comprising means for sending messages originating from 
said user and destined to said commimication device on a logical channel between said Network 
Access Server and said communication device, said logical channel referring to said identifier of 
said host Virtual Private Network to which said user is currently connected. 

9. {Previously Presented) A Network Access Server for identifying a user, from a 
plurality of users, to which a message sent by a communication device and received at said 
Network Access Server, said user being already connected over said Network Access Server to a 
Virtual Private Network not included in said communication device, said Network Access Server 
being able to access to a database associating an identifier of said user to an identifier of said 
Virtual Private Network to which said user is already connected, said Network Access Server 
comprising: 
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a logical channel controller for determining a logical channel identifier of one logical 
channel on which said message is received at said Network Access server; and 

means for identifying the user to which said message is destined, according to said 
logical channel identifier and said user identifier in said database. 

10. (Previously Presented) A Network Access Server for enabling a communication 
between a user and a communication device, said user being registered in said Network Access 
Server as ah*eady connected to a host Virtual Private Network, said communication device being 
outside of said host Virtual Private Network, said Network Access Server being able to access to 
a database associating an identifier of said user to an identifier of said host Virtual Private 
Network, said Network Access Server comprising a forwarding engine for sending messages 
originating from said user and destined to said communication device on a logical channel 
between said Network Access Server and said communication device, said logical channel 
referring to said identifier of said host Virtual Private Network to which said user is currently 
connected. 

11. (Previously Presented) The Network Access Server according to claim 10, further 
comprising a logical channel controller that directs the message on the logical channel between 
said Network Access Server and said communication device. 
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12. (Previously Presented) A Network Access Server for identifying a user, from a 
plurality of users, to which a message sent by a communication device and received at said 
Network Access Server, said user being already connected over said Network Access Server to a 
Virtual Private Network not included in said communication device, said Network Access Server 
being able to access to a database associating an identifier of said user to an identifier of said 
Virtual Private Network to which said user is already connected, said Network Access Server 
comprising: 

a logical channel controller for determining a logical channel identifier of one logical 
channel on which said message is received at said Network Access server; and 

a database searcher for identifying the user to which said message is destined, according 
to said logical channel identifier and said user identifier in said database. 

13. (Previously Presented) The Network Access Server according to claim 12, further 
comprising a forwarding engine that forwards said message from said logical controller to said 
user after said user has been identified. 
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